heartbeat -- insecure temporary file creation vulnerability

Description:

Eric Romang reports a temporary file creation vulnerability
within heartbeat. The vulnerability is caused by hardcoded
temporary file usage. This can cause an attacker to create
an arbitrary symlink causing the application to overwrite the
symlinked file with the permissions of the user executing the
application.

References:

Affects:

Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.